On Tue, Dec 21, 2004 at 09:40:10AM +0000, Adrian Chadd wrote:
No, wrong. Modern botnet type software can run as a non privileged user on most Unixes. It still has enough privilege to cause great harm. Spyware may require a little more privilege to be a bother.
It's not snarfing passwords, it's not using raw sockets, it's not hiding itself on the filesystem, it's not infecting or replacing binaries, it has limited functionality for restarting itself (cron, bash_login?), it's trivial to clean up. Nobody said *nix wasn't vulnerable, it's simply less vulnerable and the level of penetration can be severely limited. In response to the post by Christopher Morrow, the typical *nix desktop (should|is) not running apache, sshd, portmapper, etc. And sendmail is installed listening only on the loopback interface from RedHat 9 onward. The point being, you don't need a firewall. You need to turn off/remove/fix the services that are causing the problem. -- Matthew S. Hallacy FUBAR, LART, BOFH Certified http://www.poptix.net GPG public key 0x01938203